Overview

overview

7

Static

static

7

7403f55d62...18.exe

windows7-x64

7

7403f55d62...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 12:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7403f55d628688afbfd7e05cd5c27745_JaffaCakes118.exe

  • Size

    108KB

  • MD5

    7403f55d628688afbfd7e05cd5c27745

  • SHA1

    db263c0be17efc4c7b53b9badb96df7cfeb4761c

  • SHA256

    cc30d0840f3109070e558d8c9fc113fc582e8ef91344c74e360ebbe1a62df319

  • SHA512

    212408a2293ee837da24bab9584adbe46c5d00a751143088a0d57c71b31e2c05fc26e0bbf7a8886d67dc2cfca1053689cd85e0c00b2df6c5e570d2e4423b6fa1

  • SSDEEP

    3072:ed1qCcXqjW4yRq4XrCoa/5c268NsQA+inB1qpfYU8:edaOjy8Smo1260Q+iB18fY

Score
7/10
discoveryupx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Windows directory 15 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\7403f55d628688afbfd7e05cd5c27745_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7403f55d628688afbfd7e05cd5c27745_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: LoadsDriver
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:3796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\IME\helps.txt
    Filesize

    48KB

    MD5

    98c499fccb739ab23b75c0d8b98e0481

    SHA1

    0ef5c464823550d5f53dd485e91dabc5d5a1ba0a

    SHA256

    d9d8ce1b86b3978889466ab1b9f46778942d276922bf7533327a493083913087

    SHA512

    9e64ac13e18ab0a518bb85b6612520645b5ab2c9a5359ced943813ba7344714999f25ba0e52240ad2d0c2fefc76552ff43173adc46334ff0b5dba171fb58e4e6

    Download Submit

  • C:\Windows\INF\Https.dll
    Filesize

    129KB

    MD5

    75d5d310791786c87b85bdd2a9f4f17f

    SHA1

    a61a250c842ca243be86c203c5dd890fa1167dd9

    SHA256

    7227a56c6735e055ff097dae22811b207e71af0acac730c126ae27ca433c2809

    SHA512

    6545cf7fdace26cbcfb2d95e24d06011f8dad14a038aaf9e3f7bc046f1504657f3c2490c7a81530c7de7fa85d3e779cdf5e78a9d695c593fee99ed2d990822fc

    Download Submit

  • C:\Windows\INF\Https.sys
    Filesize

    16KB

    MD5

    2de012f51bb1405de2a0252b9ee956d1

    SHA1

    82ce85a4353bad2a76c50f475de51bd4b5aeb226

    SHA256

    54cba28e4813b9e3ee154d68bb77b9b5c14aa0a74549cdbfbbabeeb86ccf17fb

    SHA512

    c7fe6206ea3f3632a19f6c788c77d1d2bc304170b9ebabdc9d398f01e145a8af7ab17973afa3be0c390c2a2e3c3d61babbecbdba504a2b51502d5ff372e79a48

    Download Submit

  • memory/3796-0-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/3796-36-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download